/**
 * 代号:甲骨兽进化 2017：厚溥
 * 文件名：BaseDao.java
 * 创建人：jh
 * 日期：2018年5月20日
 * 修改人：
 * 描述：
 */
package com.jh.shiro;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.kd.utils.ApplicationContextRegister;
import org.kd.utils.WebConstant;

import com.jh.model.User;
import com.jh.service.UserService;

/**
 * 用途：业务模块名称
 */
public class ShiroRealm extends AuthorizingRealm{

	/* (non-Javadoc)
	 * 授权验证
	 * @see org.apache.shiro.realm.AuthorizingRealm#doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		// TODO Auto-generated method stub
		
		SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
		Set<String> perms = new HashSet<String>();
		Object principal = principals.getPrimaryPrincipal();
        if (principal instanceof User) {
        	User user = (User) principal;
        	UserService  UserService = ApplicationContextRegister.getBean(UserService.class);
        	perms = UserService.queryMenu(user.getId());
        }
	
        Iterator<String> iterator = perms.iterator();
        while (iterator.hasNext()) {
			String string = (String) iterator.next();
			System.err.println(string);
		}
		//权限标识放入令牌中
		info.setStringPermissions(perms);
		return info;
	}

	/* (non-Javadoc)
	 * @see org.apache.shiro.realm.AuthenticatingRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)
	 登录验证
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		// TODO Auto-generated method stub
		 UsernamePasswordToken utoken=(UsernamePasswordToken) token;//获取用户输入的token
		    String password = new String((char[]) token.getCredentials());
		    User model = new User();
		    model.setName(utoken.getUsername());
		    model.setDelFlag(WebConstant.NODELETECODE);
	        UserService  empService = ApplicationContextRegister.getBean(UserService.class);
	        User param = empService.queryByParam(model);
	        
	        // 账号不存在
			if (param == null) {
				throw new UnknownAccountException("账号或密码不正确");
			}

			// 密码错误
			if (!password.equals(param.getPassword())) {
				throw new IncorrectCredentialsException("账号或密码不正确");
			}

	        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(param, password, getName());  //放入shiro.调用CredentialsMatcher检验密码
			return info;
	}

}
